/*     */ package com.zimbra.cs.service;
/*     */ 
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.util.Log;
/*     */ import com.zimbra.common.util.ZimbraLog;
/*     */ import com.zimbra.cs.account.AccessManager;
/*     */ import com.zimbra.cs.account.Account;
/*     */ import com.zimbra.cs.account.AuthToken;
/*     */ import com.zimbra.cs.account.Provisioning;
/*     */ import com.zimbra.cs.account.Server;
/*     */ import com.zimbra.cs.account.auth.AuthContext.Protocol;
/*     */ import com.zimbra.cs.httpclient.URLUtil;
/*     */ import com.zimbra.cs.service.authenticator.SSOAuthenticator.ZimbraPrincipal;
/*     */ import com.zimbra.cs.servlet.ZimbraServlet;
/*     */ import java.io.IOException;
/*     */ import java.net.MalformedURLException;
/*     */ import java.net.URL;
/*     */ import java.util.HashMap;
/*     */ import java.util.Map;
/*     */ import javax.servlet.ServletException;
/*     */ import javax.servlet.http.HttpServletRequest;
/*     */ import javax.servlet.http.HttpServletResponse;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public abstract class SSOServlet
/*     */   extends ZimbraServlet
/*     */ {
/*     */   private static final String IGNORE_LOGIN_URL = "?ignoreLoginURL=1";
/*     */   
/*     */   protected abstract boolean redirectToRelativeURL();
/*     */   
/*     */   public void init()
/*     */     throws ServletException
/*     */   {
/*  48 */     String name = getServletName();
/*  49 */     ZimbraLog.account.info("Servlet " + name + " starting up");
/*  50 */     super.init();
/*     */   }
/*     */   
/*     */   public void destroy() {
/*  54 */     String name = getServletName();
/*  55 */     ZimbraLog.account.info("Servlet " + name + " shutting down");
/*  56 */     super.destroy();
/*     */   }
/*     */   
/*     */ 
/*     */   protected AuthToken authorize(HttpServletRequest req, AuthContext.Protocol proto, SSOAuthenticator.ZimbraPrincipal principal, boolean isAdminRequest)
/*     */     throws ServiceException
/*     */   {
/*  63 */     Map<String, Object> authCtxt = new HashMap();
/*  64 */     authCtxt.put("ocip", ZimbraServlet.getOrigIp(req));
/*  65 */     authCtxt.put("remoteip", ZimbraServlet.getClientIp(req));
/*  66 */     authCtxt.put("anp", principal.getName());
/*  67 */     authCtxt.put("ua", req.getHeader("User-Agent"));
/*     */     
/*  69 */     Provisioning prov = Provisioning.getInstance();
/*  70 */     Account acct = principal.getAccount();
/*     */     
/*  72 */     ZimbraLog.addAccountNameToContext(acct.getName());
/*     */     
/*  74 */     prov.ssoAuthAccount(acct, proto, authCtxt);
/*     */     
/*  76 */     if ((isAdminRequest) && 
/*  77 */       (!AccessManager.getInstance().isAdequateAdminAccount(acct))) {
/*  78 */       throw ServiceException.PERM_DENIED("not an admin account");
/*     */     }
/*     */     
/*     */ 
/*  82 */     AuthToken authToken = AuthProvider.getAuthToken(acct, isAdminRequest);
/*     */     
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*  89 */     return authToken;
/*     */   }
/*     */   
/*     */   protected boolean isOnAdminPort(HttpServletRequest req) throws ServiceException {
/*  93 */     int adminPort = Provisioning.getInstance().getLocalServer().getAdminPort();
/*  94 */     return req.getLocalPort() == adminPort;
/*     */   }
/*     */   
/*     */   protected boolean isFromZCO(HttpServletRequest req) throws ServiceException {
/*  98 */     String UA_ZCO = "Zimbra-ZCO";
/*  99 */     String userAgent = req.getHeader("User-Agent");
/* 100 */     return userAgent.contains("Zimbra-ZCO");
/*     */   }
/*     */   
/*     */ 
/*     */   protected void setAuthTokenCookieAndReturn(HttpServletRequest req, HttpServletResponse resp, AuthToken authToken)
/*     */     throws IOException, ServiceException
/*     */   {
/* 107 */     boolean isAdmin = AuthToken.isAnyAdmin(authToken);
/* 108 */     boolean secureCookie = isProtocolSecure(req.getScheme());
/* 109 */     authToken.encode(resp, isAdmin, secureCookie);
/* 110 */     resp.setContentLength(0);
/*     */   }
/*     */   
/*     */   private String getRedirectURL(HttpServletRequest req, Server server, boolean isAdmin) throws ServiceException, MalformedURLException
/*     */   {
/* 115 */     boolean relative = redirectToRelativeURL();
/*     */     String redirectUrl;
/*     */     String redirectUrl;
/* 118 */     if (isAdmin) {
/* 119 */       redirectUrl = getAdminURL(server, relative);
/*     */     } else {
/* 121 */       redirectUrl = getMailURL(server, relative);
/*     */     }
/*     */     
/* 124 */     if (!relative) {
/* 125 */       URL url = new URL(redirectUrl);
/*     */       
/*     */ 
/* 128 */       String reqHost = req.getServerName();
/* 129 */       String host = url.getHost();
/*     */       
/* 131 */       if (!reqHost.equalsIgnoreCase(host)) {
/* 132 */         URL destUrl = new URL(url.getProtocol(), reqHost, url.getPort(), url.getFile());
/* 133 */         redirectUrl = destUrl.toString();
/*     */       }
/*     */     }
/*     */     
/* 137 */     return redirectUrl;
/*     */   }
/*     */   
/*     */   private String appendIgnoreLoginURL(String redirectUrl) {
/* 141 */     if (!redirectUrl.endsWith("/")) {
/* 142 */       redirectUrl = redirectUrl + "/";
/*     */     }
/* 144 */     return redirectUrl + "?ignoreLoginURL=1";
/*     */   }
/*     */   
/*     */ 
/*     */   protected void setAuthTokenCookieAndRedirect(HttpServletRequest req, HttpServletResponse resp, Account acct, AuthToken authToken)
/*     */     throws IOException, ServiceException
/*     */   {
/* 151 */     boolean isAdmin = AuthToken.isAnyAdmin(authToken);
/* 152 */     boolean secureCookie = isProtocolSecure(req.getScheme());
/* 153 */     authToken.encode(resp, isAdmin, secureCookie);
/*     */     
/* 155 */     Provisioning prov = Provisioning.getInstance();
/* 156 */     Server server = prov.getServer(acct);
/*     */     
/* 158 */     String redirectUrl = getRedirectURL(req, server, isAdmin);
/*     */     
/*     */ 
/* 161 */     redirectUrl = appendIgnoreLoginURL(redirectUrl);
/*     */     
/* 163 */     boolean relative = redirectToRelativeURL();
/* 164 */     if (!relative) {
/* 165 */       URL url = new URL(redirectUrl);
/* 166 */       boolean isRedirectProtocolSecure = isProtocolSecure(url.getProtocol());
/*     */       
/* 168 */       if ((secureCookie) && (!isRedirectProtocolSecure)) {
/* 169 */         throw ServiceException.INVALID_REQUEST("cannot redirect to non-secure protocol: " + redirectUrl, null);
/*     */       }
/*     */     }
/*     */     
/*     */ 
/* 174 */     ZimbraLog.account.debug("SSOServlet - redirecting (with auth token) to: " + redirectUrl);
/* 175 */     resp.sendRedirect(redirectUrl);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   protected void redirectToErrorPage(HttpServletRequest req, HttpServletResponse resp, boolean isAdminRequest, String errorUrl)
/*     */     throws IOException, ServiceException
/*     */   {
/*     */     String redirectUrl;
/*     */     
/*     */ 
/* 186 */     if (errorUrl == null) {
/* 187 */       Server server = Provisioning.getInstance().getLocalServer();
/* 188 */       String redirectUrl = getRedirectURL(req, server, isAdminRequest);
/*     */       
/*     */ 
/* 191 */       redirectUrl = appendIgnoreLoginURL(redirectUrl);
/*     */     }
/*     */     else {
/* 194 */       redirectUrl = errorUrl;
/*     */     }
/*     */     
/* 197 */     ZimbraLog.account.debug("SSOServlet - redirecting to: " + redirectUrl);
/* 198 */     resp.sendRedirect(redirectUrl);
/*     */   }
/*     */   
/*     */   private boolean isProtocolSecure(String protocol)
/*     */   {
/* 203 */     return "https".equalsIgnoreCase(protocol);
/*     */   }
/*     */   
/*     */   private String getMailURL(Server server, boolean relative) throws ServiceException {
/* 207 */     String serviceUrl = server.getMailURL();
/*     */     
/* 209 */     if (relative) {
/* 210 */       return serviceUrl;
/*     */     }
/* 212 */     return URLUtil.getServiceURL(server, serviceUrl, true);
/*     */   }
/*     */   
/*     */   private String getAdminURL(Server server, boolean relative) throws ServiceException
/*     */   {
/* 217 */     String serviceUrl = server.getAdminURL();
/*     */     
/* 219 */     if (relative) {
/* 220 */       return serviceUrl;
/*     */     }
/* 222 */     return URLUtil.getAdminURL(server, serviceUrl, true);
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/service/SSOServlet.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */